Yesterday morning, Steve presented at FIRST 2016 on "Correlating Threats Using Internet Snapshots". The presentation he gave is one that has evolved ever since we were purchased by RiskIQ in September 2015. One of our primary goals, outside of making the platform better, is to ensure we are finding the best ways to communicate our message to our user community. If we are able to clearly outline the value of infrastructure analysis, then chances are,
Last week we announced the addition of a new, free data source inside of PassiveTotal, Open Source Intelligence (OSINT). The source has already paid dividends in saving us time and helping add more context, but it wasn't until last night, when reviewing RSA's GlassRAT report, that it really sank in how much this simple overlay could augment the analyst workflow.
Whenever we observe a new report or blog post with indicators, we make
If you are a heavy PassiveTotal web user, then surely you have noticed a big change in our application design since being acquired by RiskIQ. If this news is new to you, check out the post we did earlier this month before reading on!
Late last week, we pushed out a silent update to our source associations page that included several helpful features and the addition of two new sources, 360CN and CIRCL.lu. In total, PassiveTotal now provides access to 12 passive DNS repositories, making it the most comprehensive solution for doing threat infrastructure analysis. Over the next several weeks, we anticipate adding two more sources to the platform to provide even more coverage.
In the early days of PassiveTotal, we simply displayed passive DNS results inside of an HTML table. This was fine at first, but as time went on, we noticed that we were spending a lot of effort focusing on each date, mapping it to our research and trying to ensure the domain or IP we were analyzing actually fit within our timeline. We made mistakes, missed minor changes and completely failed to observe
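The two problems described above, reconciling the same resolution reported by several passive DNS sources and then checking whether an indicator's resolution history actually fits the incident window, are mechanical enough to script. The following is an added example, not PassiveTotal's own code or API: it merges per-source records into one entry per (query, resolution) pair, builds a sorted timeline, filters it by an analyst's date window, and flags short-lived resolutions that are easy to miss in a flat table. The record fields and the source names are assumptions, and the sample records are constructed for illustration.

```python
from datetime import date

# Constructed sample passive DNS records (illustrative, not real data). Each
# source reports its own firstSeen/lastSeen for a (query, resolution) pair, so
# the same pair can appear several times with overlapping date ranges.
SAMPLE_RECORDS = [
    {"source": "sourceA", "query": "example.test", "resolve": "198.51.100.10",
     "firstSeen": "2015-01-05", "lastSeen": "2015-03-20"},
    {"source": "sourceB", "query": "example.test", "resolve": "198.51.100.10",
     "firstSeen": "2015-02-01", "lastSeen": "2015-04-02"},
    {"source": "sourceA", "query": "example.test", "resolve": "203.0.113.7",
     "firstSeen": "2015-04-03", "lastSeen": "2015-06-30"},
    {"source": "sourceC", "query": "example.test", "resolve": "203.0.113.7",
     "firstSeen": "2015-04-10", "lastSeen": "2015-05-15"},
    # A resolution seen for only two days by a single source.
    {"source": "sourceB", "query": "example.test", "resolve": "192.0.2.99",
     "firstSeen": "2015-06-28", "lastSeen": "2015-06-29"},
]


def merge_records(records):
    """Collapse per-source records into one entry per (query, resolution).

    Keeps the earliest firstSeen and latest lastSeen across all sources and
    records which sources observed the pair, so a single source's partial view
    does not shorten the real window of activity.
    """
    merged = {}
    for r in records:
        key = (r["query"], r["resolve"])
        first = date.fromisoformat(r["firstSeen"])
        last = date.fromisoformat(r["lastSeen"])
        entry = merged.get(key)
        if entry is None:
            merged[key] = {"query": r["query"], "resolve": r["resolve"],
                           "firstSeen": first, "lastSeen": last,
                           "sources": {r["source"]}}
        else:
            entry["firstSeen"] = min(entry["firstSeen"], first)
            entry["lastSeen"] = max(entry["lastSeen"], last)
            entry["sources"].add(r["source"])
    # Sort into a timeline: earliest observation first.
    return sorted(merged.values(), key=lambda m: (m["firstSeen"], m["lastSeen"]))


def timeline(records, query):
    """Merged, date-ordered resolution history for one query (domain or IP)."""
    return [m for m in merge_records(records) if m["query"] == query]


def resolutions_in_window(records, query, start, end):
    """Resolutions whose observed interval overlaps the analyst's window [start, end].

    Two intervals overlap when each one starts before the other ends; this is
    the check that answers 'does this indicator fit my incident timeline?'.
    """
    s, e = date.fromisoformat(start), date.fromisoformat(end)
    return [m["resolve"] for m in timeline(records, query)
            if m["firstSeen"] <= e and m["lastSeen"] >= s]


def short_lived(records, query, max_days=7):
    """Resolutions observed for at most max_days: the brief changes a flat table hides."""
    return [m["resolve"] for m in timeline(records, query)
            if (m["lastSeen"] - m["firstSeen"]).days <= max_days]


if __name__ == "__main__":
    for m in timeline(SAMPLE_RECORDS, "example.test"):
        print(m["firstSeen"], m["lastSeen"], m["resolve"], sorted(m["sources"]))
    print("in window:", resolutions_in_window(SAMPLE_RECORDS, "example.test",
                                              "2015-06-29", "2015-07-15"))
    print("short-lived:", short_lived(SAMPLE_RECORDS, "example.test"))
```

With the sample data, the three records for 198.51.100.10 and 203.0.113.7 collapse to one entry each spanning the union of what every source saw, the window 2015-06-29 to 2015-07-15 matches both 203.0.113.7 and 192.0.2.99, and only 192.0.2.99 is flagged as short-lived. The same overlap check works on real passive DNS exports once the field names are mapped to whatever the source uses.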